防止在asp.net core 2中多次登录 [英] prevent multiple login in asp.net core 2

问题描述

美好的一天，

由于 IdentityOption 中没有 SecurityStampValidationInterval ，因此我如何验证安全戳以防止在 Asp.Net Core 2 中从单个用户多次登录.

How do i validate security stamp to prevent multiple login from single user in Asp.Net Core 2 as there's no SecurityStampValidationInterval in IdentityOption.

提前谢谢.

推荐答案

我已经使用Microsoft.Extensions.Caching.Memory.IMemoryCache来实现相同的功能.(将用户名存储在缓存中)

I have used Microsoft.Extensions.Caching.Memory.IMemoryCache to implement the same. (Stored the usernames in cache)

登录时(我们可以在验证密码之前执行此操作)步骤1:将内存缓存用作控制器的DI.

At the time of login (we can do this before validating the password) Step 1: Use Memory Cache as DI to the controller.

private IMemoryCache SiteCache = null;

public LoginHelper(IMemoryCache Cache)
{ 
  SiteCache = Cache; 
}

第2步:

在登录验证中，如果用户已经存在于缓存中，请运行此检查.

In your login validation, run this check, if the user already exists in cache.

private bool VerifyDuplicateLogin(string UserName, bool InsertKey)
{
    String sKey = UserName.ToLower();
    String sUser = Convert.ToString(SiteCache.Get<string>(sKey));

    if (string.IsNullOrEmpty(sUser))
    {
        if (InsertKey)
        {
            string cookieTimeout = appSettingsData.LoginCookieTimeout;
            int timeout = (string.IsNullOrEmpty(cookieTimeout)) ? 3 : int.Parse(cookieTimeout); 

            int sessionTimeOut = 5; // HttpContext.Current.Session.Timeout;

            sUser = string.Format("{0}^^^{1}", sKey, DateTime.Now.AddMinutes(sessionTimeOut).ToString("yyyy-MM-dd HH:mm:ss"));

            // No Cache item, so session is either expired or user is new sign-on,  Set the cache item and Session hit-test for this user
            TimeSpan SlidingTimeOut = new TimeSpan(0, 0, timeout, 0, 0); //(HttpContext.Current.Session.Timeout / 2) 

            MemoryCacheEntryOptions cacheOptions = new MemoryCacheEntryOptions
            {
                AbsoluteExpirationRelativeToNow = SlidingTimeOut
            };
            SiteCache.Set(sKey, sUser, cacheOptions); //OnCachedItemRemoved

            session.LoggedInUser = sKey;
        }

        //Let them in - redirect to main page, etc. 
        return false;
    }
    else
    {
        // cache item exists, means... "User already in" 
        return true;
    } 
}

第3步:注销时使用以下方法从缓存中删除用户名

Step 3: Use the following method at the time of log out to remove the username from cache

public void RemoveLogin(string userName)
{
    //Clear the cache
    if ((!string.IsNullOrEmpty(userName)) && SiteCache != null)
    {
        String sUser = Convert.ToString(SiteCache.Get<string>(userName));
        if (!string.IsNullOrEmpty(sUser))
        {
            SiteCache.Remove(userName.ToLower());
            session.LoggedInUser = "";
        }
    }
}

自从我使用了内存缓存后，每当服务器重置以及应用程序重置时，用户缓存也会被重置，我们可以得到快速响应.

Since I used the Memory cache, whenever the server reset, along with the application, user cache also gets reset and we can get a quick response.

我们可以使用数据库来实现相同的功能，以临时方式和类似的逻辑来存储已登录的用户，但是我觉得这种方法更快捷，更省力.

We can implement the same using Database to store the logged users in a temporarily and with the similar logic, but I felt this approach is little quicker and smother though.

此方法的一个缺点是，如果用户关闭浏览器并希望立即重新登录，则他将在用户已经登录时得到响应(意味着他将被锁定，直到缓存密钥过期为止.(我们必须小心当我们设置过期超时时

One drawback with this approach is, if the user closes the browser and wish to log back immediately, he will get a response as user already logged in (means he gets locked until the cache key expires. (We have to be careful while we set expire timeout)

谢谢

这篇关于防止在asp.net core 2中多次登录的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！